Seamless and Secure VR: Adapting and Evaluating Established Authentication Systems for Virtual Reality

Virtual reality (VR) headsets are enabling a wide range of new opportunities for the user. For example, in the near future users may be able to visit virtual shopping malls and virtually join international conferences. These and many other scenarios pose new questions with regards to privacy and security, in particular authentication of users within the virtual environment. As a first step towards seamless VR authentication, this paper investigates the direct transfer of well-established concepts (PIN, Android unlock patterns) into VR. In a pilot study (N = 5) and a lab study (N = 25), we adapted existing mechanisms and evaluated their usability and security for VR. The results indicate that both PINs and patterns are well suited for authentication in VR. We found that the usability of both methods matched the performance known from the physical world. In addition, the private visual channel makes authentication harder to observe, indicating that authentication in VR using traditional concepts already achieves a good balance in the trade-off between usability and security. The paper contributes to a better understanding of authentication within VR environments, by providing the first investigation of established authentication methods within VR, and presents the base layer for the design of future authentication schemes, which are used in VR environments only

OXIDATION OF SILICON - THE VLSI GATE DIELECTRIC

Silicon dominates the semiconductor industry for good reasons. One factor is the stable, easily formed, insulating oxide, which aids high performance and allows practical processing. How well can these virtues survive as new demands are made on integrity, on smallness of feature sizes and other dimensions, and on constraints on processing and manufacturing methods? These demands make it critical to identify, quantify and predict the key controlling growth and defect processes on an atomic scale.The combination of theory and novel experiments (isotope methods, electronic noise, spin resonance, pulsed laser atom probes and other desorption methods, and especially scanning tunnelling or atomic force microscopies) provide tools whose impact on models is just being appreciated. We discuss the current unified model for silicon oxidation, which goes beyond the traditional descriptions of kinetic and ellipsometric data by explicitly addressing the issues raised in isotope experiments. The framework is still the Deal-Grove model, which provides a phenomenology to describe the major regimes of behaviour, and gives a base from which the substantial deviations can be characterized. In this model, growth is limited by diffusion and interfacial reactions operating in series. The deviations from Deal-Grove are most significant for just those first tens of atomic layers of oxide which are critical for the ultra-thin oxide layers now demanded. Several features emerge as important. First is the role of stress and stress relaxation. Second is the nature of the oxide closest to the Si, both its defects and its differences from the amorphous stoichiometric oxide further out, whether in composition, in network topology, or otherwise. Thirdly, we must consider the charge states of both fixed and mobile species. In thin films with very different dielectric constants, image terms can be important; these terms affect interpretation of spectroscopies, the injection of oxidant species and relative defect stabilities. This has added importance now that P-b concentrations have been correlated with interfacial stress. This raises further issues about the perfection of the oxide random network and the incorporation of interstitial species like molecular oxygen.Finally, the roles of contamination, particles, metals, hydrocarbons etc are important, as is interface roughness. These features depend on pre-gate oxide cleaning and define the Si surface that is to be oxidized which may have an influence on the features listed above

PlaceRaider: Virtual Theft in Physical Spaces with Smartphones

As smartphones become more pervasive, they are increasingly targeted by malware. At the same time, each new generation of smartphone features increasingly powerful onboard sensor suites. A new strain of sensor malware has been developing that leverages these sensors to steal information from the physical environment (e.g., researchers have recently demonstrated how malware can listen for spoken credit card numbers through the microphone, or feel keystroke vibrations using the accelerometer). Yet the possibilities of what malware can see through a camera have been understudied. This paper introduces a novel visual malware called PlaceRaider, which allows remote attackers to engage in remote reconnaissance and what we call virtual theft. Through completely opportunistic use of the camera on the phone and other sensors, PlaceRaider constructs rich, three dimensional models of indoor environments. Remote burglars can thus download the physical space, study the environment carefully, and steal virtual objects from the environment (such as financial documents, information on computer monitors, and personally identifiable information). Through two human subject studies we demonstrate the effectiveness of using mobile devices as powerful surveillance and virtual theft platforms, and we suggest several possible defenses against visual malware

DoubleEcho: Mitigating Context-Manipulation Attacks in Copresence Verification

Copresence verification based on context can improve usability and strengthen security of many authentication and access control systems. By sensing and comparing their surroundings, two or more devices can tell whether they are copresent and use this information to make access control decisions. To the best of our knowledge, all context-based copresence verification mechanisms to date are susceptible to context-manipulation attacks. In such attacks, a distributed adversary replicates the same context at the (different) locations of the victim devices, and induces them to believe that they are copresent. In this paper we propose DoubleEcho, a context-based copresence verification technique that leverages acoustic Room Impulse Response (RIR) to mitigate context-manipulation attacks. In DoubleEcho, one device emits a wide-band audible chirp and all participating devices record reflections of the chirp from the surrounding environment. Since RIR is, by its very nature, dependent on the physical surroundings, it constitutes a unique location signature that is hard for an adversary to replicate. We evaluate DoubleEcho by collecting RIR data with various mobile devices and in a range of different locations. We show that DoubleEcho mitigates context-manipulation attacks whereas all other approaches to date are entirely vulnerable to such attacks. DoubleEcho detects copresence (or lack thereof) in roughly 2 seconds and works on commodity devices

Modelling the Spread of Botnet Malware in IoT-Based Wireless Sensor Networks

The propagation approach of a botnet largely dictates its formation, establishing a foundation of bots for future exploitation. The chosen propagation method determines the attack surface, and consequently, the degree of network penetration, as well as the overall size and the eventual attack potency. It is therefore essential to understand propagation behaviours and influential factors in order to better secure vulnerable systems. Whilst botnet propagation is generally well-studied, newer technologies like IoT have unique characteristics which are yet to be thoroughly explored. In this paper, we apply the principles of epidemic modelling to IoT networks consisting of wireless sensor nodes. We build IoT-SIS, a novel propagation model which considers the impact of IoT-specific characteristics like limited processing power, energy restrictions, and node density on the formation of a botnet. Focusing on worm-based propagation, this model is used to explore the dynamics of spread using numerical simulations and the Monte Carlo method, and to discuss the real-life implications of our findings